On Mon, Sep 28, 2015 at 6:57 AM, Thomas Schäfer <[email protected]> wrote:
> Hi, > > I am observing sometimes very strange ipv6-misconfigurations. > > The last two examples are: > > > www.hs-worms.de > > LANG=C wget -6 www.hs-worms.de > converted 'http://www.hs-worms.de' (ANSI_X3.4-1968) -> ' > http://www.hs-worms.de' (UTF-8) > --2015-09-28 15:07:07-- http://www.hs-worms.de/ > Resolving www.hs-worms.de (www.hs-worms.de)... 2001:4c80:81:a000::1d > Connecting to www.hs-worms.de (www.hs-worms.de)|2001:4c80:81:a000::1d|:80... > failed: Connection timed out. > Retrying. > > and > > www.df.eu > > LANG=C wget -6 www.df.eu > converted 'http://www.df.eu' (ANSI_X3.4-1968) -> 'http://www.df.eu' > (UTF-8) > --2015-09-28 15:06:56-- http://www.df.eu/ > Resolving www.df.eu (www.df.eu)... 2a00:1158:0:100::26 > Connecting to www.df.eu (www.df.eu)|2a00:1158:0:100::26|:80... failed: > Connection refused. > > Both examples have an AAAA-record and so my assumption also IPv6. > > > The webmaster of hs-worms doesn't answer. > > The webmaster of df I did not ask yet - he is a "hoster" and should have > some monitoring tools. > > > My question: Is it right, that all these misconfigurations will fail on > ISPs using DNS64/NAT64, except the people using 464xlat additionally? > > > For an IPv6-only device, it will only try IPv6...there is no fall back to IPv4. So, the device will only ask for aaaa ever... it will never as for "a" record Since a natural "AAAA" exists, the DNS64 will never send back a synthesize "AAAA" to the IPv6 only user. So, for IPv6-only users, they will not have any access to a site with broken ipv6. Generally speaking, it is better to have no IPv6 access than broken IPv6. CB > If somebody knows the responsible persons... > > > Regards, > Thomas Schäfer > > > > -- > > There’s no place like ::1 > > Thomas Schäfer (Systemverwaltung) > Ludwig-Maximilians-Universität > Centrum für Informations- und Sprachverarbeitung > Oettingenstraße 67 Raum C109 > 80538 München ☎ +49/89/2180-9706 ℻ +49/89/2180-9701 > >
